          Web Application Firewall WAF

          Web Attack Classification Description

          Web malicious scanning

          Before launching attacks, hackers always use tools to probe different web application systems and typical applications for vulnerabilities (such as SQL injection, Cookie injection, XPath injection, LDAP injection, cross-site scripting, code injection, form bypassing, weak passwords, sensitive files and directories, management back ends, sensitive data) so as to gather information for subsequent attacks.

          Cross-site script attack

          Also known as XSS, this attack exploits website vulnerabilities to maliciously steal information from users. To gather user information, attackers often insert JavaScript, VBScript, ActiveX or Flash into vulnerable programs to deceive users. Once they have stolen the user information, the attackers can steal user accounts, modify user settings, steal or pollute cookies, place advertisements, and so on. A great deal of malicious XSS attack code appears every day.

          Remote file control

          Some developers carelessly deploy code on the server in which request parameters can be used to call and read the server's system files. Remote attackers can supply malicious parameters to call and operate on these system files, threatening the web service and user privacy to varying degrees.

          Remote backdoor execution

          Backdoor programs generally refer to program methods that bypass security controls to obtain access to a program or system. During software development, programmers often create a backdoor in the software so that they can modify defects in the program design. However, if these backdoors become known to others, or are not deleted before the software is released, they become security risks and are easily exploited by hackers as vulnerabilities.

          Malicious file upload

          Some forum websites allow users to upload files. The vulnerability arises because the developer does not check or strictly filter the data submitted by visitors, so visitors can directly submit modified data to bypass the file extension check. The submitted malicious program can then be executed as a remote backdoor.

          Exception file reference

          Web developers may reference external files in their code. An exception file reference allows the attacker to abuse the "dynamic file inclusion" mechanism implemented in the target application, so that the contents of the included file may be executed as code on the web server. Other attacks, such as script code execution in client-side JavaScript, may also result.

          Exception file resolution

          Some web server vulnerabilities cause a modified script file to be resolved under a common picture file extension while its script contents are still executed. Combined with malicious file upload attacks, this can generally bypass extension restrictions to submit backdoor files.

          System vulnerability

          It refers to a susceptibility or defect of a system, and its severity is generally high. Attackers can use such vulnerabilities to directly bypass the relevant security protection mechanisms of the system.

          Invalid HTTP version

          The HTTP protocol has a variety of versions, each identified by a (major) and a (minor) number, such as version 0.9, 1.0 or 1.1. An invalid HTTP version means that the attackers use an unsupported HTTP version number to construct a request packet to attack the web server.
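
          One way to check a request line for an invalid HTTP version, shown as an added example that is not part of the original document or of the WAF's own code. The function names, the supported-version set and the sample request lines are assumptions constructed for illustration.

```python
import re

# Grammar from RFC 9112: HTTP-version = "HTTP/" DIGIT "." DIGIT (case-sensitive).
VERSION_RE = re.compile(rb"HTTP/(\d)\.(\d)")

# Assumption: the versions a hypothetical origin server accepts.
SUPPORTED = {(1, 0), (1, 1)}


def classify_request_line(line: bytes, supported=SUPPORTED) -> str:
    """Return 'ok', 'malformed' or 'unsupported' for one raw request line."""
    parts = line.rstrip(b"\r\n").split(b" ")
    if len(parts) == 2:
        # HTTP/0.9 simple request: "GET /path" with no version token.
        # Accepted only when 0.9 is explicitly listed as supported.
        if parts[0] == b"GET" and (0, 9) in supported:
            return "ok"
        return "unsupported"
    if len(parts) != 3:
        return "malformed"  # extra spaces or missing fields
    match = VERSION_RE.fullmatch(parts[2])
    if match is None:
        return "malformed"  # e.g. "http/1.1" or "HTTP/1.10"
    version = (int(match.group(1)), int(match.group(2)))
    return "ok" if version in supported else "unsupported"


# Constructed sample request lines (not taken from real traffic).
SAMPLES = [
    b"GET /index.html HTTP/1.1\r\n",
    b"GET /index.html HTTP/1.0\r\n",
    b"GET /index.html HTTP/9.9\r\n",   # well-formed but unsupported version
    b"GET /index.html HTTP/1.10\r\n",  # two-digit minor breaks the grammar
    b"GET /index.html http/1.1\r\n",   # lower-case protocol name
    b"GET /index.html\r\n",            # HTTP/0.9 style, no version token
]


def scan(lines=SAMPLES):
    """Classify each sample and return (request line, verdict) pairs."""
    return [(raw.rstrip(b"\r\n").decode("ascii", "replace"),
             classify_request_line(raw)) for raw in lines]


if __name__ == "__main__":
    for text, verdict in scan():
        print(f"{verdict:12} {text}")
```

          A filter built on this check would reject or log every request whose verdict is not "ok" before it reaches the web server.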

          Denial-of-service attack

          A denial-of-service attack means that the attackers manage to make the target machine stop providing services, and it is one of the common attack methods used by hackers. In fact, attacks that consume network bandwidth make up only a small part of denial-of-service attacks. As long as an attack can cause trouble for the target, suspend some services or even crash the host, it is a denial-of-service attack.
